Malware Analysis Report

2024-11-30 13:06

Sample ID 240620-veartsxgkg
Target mitmproxy-10.3.1-windows-x86_64.zip
SHA256 0591eb8656ac1642f438bb5968d3a022030e2e7e177c380455a4930e9cf39df1
Tags pyinstaller
Score 7/10

Analysis Overview

Score 7/10

SHA256 0591eb8656ac1642f438bb5968d3a022030e2e7e177c380455a4930e9cf39df1

Threat Level: Shows suspicious behavior

The file mitmproxy-10.3.1-windows-x86_64.zip was found to show suspicious behavior.

Malicious Activity Summary

pyinstaller

Loads dropped DLL

Enumerates physical storage devices

Detects Pyinstaller

Unsigned PE

Suspicious use of SendNotifyMessage

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-20 16:53

Signatures

Detects Pyinstaller

pyinstaller
Description Indicator Process Target
N/A N/A N/A N/A
(3 identical rows collapsed to one)

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
(3 identical rows collapsed to one)

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-20 16:53

Reported

2024-06-20 16:55

Platform

win10v2004-20240508-en

Max time kernel

67s

Max time network

66s

Command Line

"C:\Users\Admin\AppData\Local\Temp\mitmdump.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\mitmdump.exe N/A
(35 identical rows collapsed to one)

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4484 wrote to memory of 3940 N/A C:\Users\Admin\AppData\Local\Temp\mitmdump.exe C:\Users\Admin\AppData\Local\Temp\mitmdump.exe
(2 identical rows collapsed to one)

Processes

C:\Users\Admin\AppData\Local\Temp\mitmdump.exe

"C:\Users\Admin\AppData\Local\Temp\mitmdump.exe"

C:\Users\Admin\AppData\Local\Temp\mitmdump.exe

"C:\Users\Admin\AppData\Local\Temp\mitmdump.exe"

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Network

Country Destination Domain Proto
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
N/A 127.0.0.1:61221 tcp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 140.71.91.104.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI44842\itsdangerous-2.2.0.dist-info\INSTALLER
C:\Users\Admin\AppData\Local\Temp\_MEI44842\ucrtbase.dll
C:\Users\Admin\AppData\Local\Temp\_MEI44842\python312.dll
C:\Users\Admin\AppData\Local\Temp\_MEI44842\VCRUNTIME140.dll
C:\Users\Admin\AppData\Local\Temp\_MEI44842\base_library.zip
C:\Users\Admin\AppData\Local\Temp\_MEI44842\_ctypes.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI44842\python3.dll
C:\Users\Admin\AppData\Local\Temp\_MEI44842\libffi-8.dll
C:\Users\Admin\AppData\Local\Temp\_MEI44842\_hashlib.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI44842\_decimal.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI44842\_cffi_backend.cp312-win_amd64.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI44842\_bz2.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI44842\_brotli.cp312-win_amd64.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI44842\_asyncio.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI44842\VCRUNTIME140_1.dll
C:\Users\Admin\AppData\Local\Temp\_MEI44842\unicodedata.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI44842\select.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI44842\pyexpat.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI44842\libssl-3.dll
C:\Users\Admin\AppData\Local\Temp\_MEI44842\libcrypto-3.dll
C:\Users\Admin\AppData\Local\Temp\_MEI44842\api-ms-win-crt-utility-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI44842\api-ms-win-crt-time-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI44842\api-ms-win-crt-string-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI44842\api-ms-win-crt-stdio-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI44842\api-ms-win-crt-runtime-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI44842\api-ms-win-crt-process-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI44842\api-ms-win-crt-math-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI44842\api-ms-win-crt-locale-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI44842\api-ms-win-crt-heap-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI44842\api-ms-win-crt-filesystem-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI44842\api-ms-win-crt-environment-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI44842\api-ms-win-crt-convert-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI44842\api-ms-win-crt-conio-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI44842\api-ms-win-core-util-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI44842\api-ms-win-core-timezone-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI44842\api-ms-win-core-sysinfo-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI44842\api-ms-win-core-synch-l1-2-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI44842\api-ms-win-core-synch-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI44842\api-ms-win-core-string-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI44842\api-ms-win-core-rtlsupport-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI44842\api-ms-win-core-profile-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI44842\api-ms-win-core-processthreads-l1-1-1.dll
C:\Users\Admin\AppData\Local\Temp\_MEI44842\api-ms-win-core-processthreads-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI44842\api-ms-win-core-processenvironment-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI44842\api-ms-win-core-namedpipe-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI44842\api-ms-win-core-memory-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI44842\api-ms-win-core-localization-l1-2-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI44842\api-ms-win-core-libraryloader-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI44842\api-ms-win-core-interlocked-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI44842\api-ms-win-core-heap-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI44842\api-ms-win-core-handle-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI44842\api-ms-win-core-file-l2-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI44842\api-ms-win-core-file-l1-2-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI44842\api-ms-win-core-file-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI44842\api-ms-win-core-errorhandling-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI44842\api-ms-win-core-debug-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI44842\api-ms-win-core-datetime-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI44842\api-ms-win-core-console-l1-1-0.dll

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-20 16:53

Reported

2024-06-20 16:55

Platform

win10v2004-20240611-en

Max time kernel

86s

Max time network

89s

Command Line

"C:\Users\Admin\AppData\Local\Temp\mitmproxy.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\mitmproxy.exe N/A
(36 identical rows collapsed to one)

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133633761005846174" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
(2 identical rows collapsed to one)

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
(this pair of rows is repeated 22 times in the report; collapsed to one pair)
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3376 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\mitmproxy.exe C:\Users\Admin\AppData\Local\Temp\mitmproxy.exe
PID 3376 wrote to memory of 2612 N/A C:\Users\Admin\AppData\Local\Temp\mitmproxy.exe C:\Users\Admin\AppData\Local\Temp\mitmproxy.exe
PID 3656 wrote to memory of 4792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4792 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4348 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 2312 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 2312 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3656 wrote to memory of 4328 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Users\Admin\AppData\Local\Temp\mitmproxy.exe

"C:\Users\Admin\AppData\Local\Temp\mitmproxy.exe"

C:\Users\Admin\AppData\Local\Temp\mitmproxy.exe

"C:\Users\Admin\AppData\Local\Temp\mitmproxy.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9ae05ab58,0x7ff9ae05ab68,0x7ff9ae05ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=2044,i,10043797356028198448,15253654907967128356,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1984 --field-trial-handle=2044,i,10043797356028198448,15253654907967128356,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2188 --field-trial-handle=2044,i,10043797356028198448,15253654907967128356,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2940 --field-trial-handle=2044,i,10043797356028198448,15253654907967128356,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2948 --field-trial-handle=2044,i,10043797356028198448,15253654907967128356,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3584 --field-trial-handle=2044,i,10043797356028198448,15253654907967128356,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4532 --field-trial-handle=2044,i,10043797356028198448,15253654907967128356,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4668 --field-trial-handle=2044,i,10043797356028198448,15253654907967128356,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4600 --field-trial-handle=2044,i,10043797356028198448,15253654907967128356,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4872 --field-trial-handle=2044,i,10043797356028198448,15253654907967128356,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4936 --field-trial-handle=2044,i,10043797356028198448,15253654907967128356,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4896 --field-trial-handle=2044,i,10043797356028198448,15253654907967128356,131072 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 13.107.21.237:443 g.bing.com tcp
NL 23.62.61.72:443 www.bing.com tcp
US 8.8.8.8:53 72.61.62.23.in-addr.arpa udp
N/A 127.0.0.1:56056 tcp
N/A 127.0.0.1:56058 tcp
N/A 127.0.0.1:56060 tcp
N/A 127.0.0.1:56062 tcp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 www.google.com udp
US 8.8.8.8:53 195.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 42.169.217.172.in-addr.arpa udp
GB 142.250.187.196:443 www.google.com udp
GB 142.250.187.196:443 www.google.com tcp
US 8.8.8.8:53 196.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 195.212.58.216.in-addr.arpa udp
US 8.8.8.8:53 play.google.com udp
GB 172.217.169.46:443 play.google.com udp
US 8.8.8.8:53 46.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 clients2.google.com udp
GB 142.250.187.206:443 clients2.google.com udp
N/A 224.0.0.251:5353 udp
GB 142.250.187.206:443 clients2.google.com tcp
US 8.8.8.8:53 206.187.250.142.in-addr.arpa udp
US 8.8.8.8:53 99.201.58.216.in-addr.arpa udp
US 8.8.8.8:53 82.90.14.23.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI33762\itsdangerous-2.2.0.dist-info\INSTALLER

MD5 365c9bfeb7d89244f2ce01c1de44cb85
SHA1 d7a03141d5d6b1e88b6b59ef08b6681df212c599
SHA256 ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508
SHA512 d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

C:\Users\Admin\AppData\Local\Temp\_MEI33762\ucrtbase.dll

MD5 637c17ad8bccc838b0cf83ffb8e2c7fd
SHA1 b2dd2890668e589badb2ba61a27c1da503d73c39
SHA256 be7368df484688493fb49fb0c4ad641485070190db62a2c071c9c50612e43fed
SHA512 f6b727c319ca2e85a9b5c5e0b9d8b9023f0cf4193fab983cfa26060923374c6abd6d11db1da2e524a8b04622a4e13beb4c48dc23f98886d4abb33eb09f3a0776

C:\Users\Admin\AppData\Local\Temp\_MEI33762\python312.dll

MD5 3c388ce47c0d9117d2a50b3fa5ac981d
SHA1 038484ff7460d03d1d36c23f0de4874cbaea2c48
SHA256 c98ba3354a7d1f69bdca42560feec933ccba93afcc707391049a065e1079cddb
SHA512 e529c5c1c028be01e44a156cd0e7cad0a24b5f91e5d34697fafc395b63e37780dc0fac8f4c5d075ad8fe4bd15d62a250b818ff3d4ead1e281530a4c7e3ce6d35

C:\Users\Admin\AppData\Local\Temp\_MEI33762\VCRUNTIME140.dll

MD5 be8dbe2dc77ebe7f88f910c61aec691a
SHA1 a19f08bb2b1c1de5bb61daf9f2304531321e0e40
SHA256 4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83
SHA512 0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

C:\Users\Admin\AppData\Local\Temp\_MEI33762\_ctypes.pyd

MD5 bbd5533fc875a4a075097a7c6aba865e
SHA1 ab91e62c6d02d211a1c0683cb6c5b0bdd17cbf00
SHA256 be9828a877e412b48d75addc4553d2d2a60ae762a3551f9731b50cae7d65b570
SHA512 23ef351941f459dee7ed2cebbae21969e97b61c0d877cfe15e401c36369d2a2491ca886be789b1a0c5066d6a8835fd06db28b5b28fb6e9df84c2d0b0d8e9850e

C:\Users\Admin\AppData\Local\Temp\_MEI33762\base_library.zip

MD5 8dad91add129dca41dd17a332a64d593
SHA1 70a4ec5a17ed63caf2407bd76dc116aca7765c0d
SHA256 8de4f013bfecb9431aabaa97bb084fb7de127b365b9478d6f7610959bf0d2783
SHA512 2163414bc01fc30d47d1de763a8332afe96ea7b296665b1a0840d5197b7e56f4963938e69de35cd2bf89158e5e2240a1650d00d86634ac2a5e2ad825455a2d50

C:\Users\Admin\AppData\Local\Temp\_MEI33762\python3.DLL

MD5 79b02450d6ca4852165036c8d4eaed1f
SHA1 ce9ff1b302426d4c94a2d3ea81531d3cb9e583e4
SHA256 d2e348e615a5d3b08b0bac29b91f79b32f0c1d0be48976450042462466b51123
SHA512 47044d18db3a4dd58a93b43034f4fafa66821d157dcfefb85fca2122795f4591dc69a82eb2e0ebd9183075184368850e4caf9c9fea0cfe6f766c73a60ffdf416

C:\Users\Admin\AppData\Local\Temp\_MEI33762\libffi-8.dll

MD5 0f8e4992ca92baaf54cc0b43aaccce21
SHA1 c7300975df267b1d6adcbac0ac93fd7b1ab49bd2
SHA256 eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a
SHA512 6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

C:\Users\Admin\AppData\Local\Temp\_MEI33762\select.pyd

MD5 92b440ca45447ec33e884752e4c65b07
SHA1 5477e21bb511cc33c988140521a4f8c11a427bcc
SHA256 680df34fb908c49410ac5f68a8c05d92858acd111e62d1194d15bdce520bd6c3
SHA512 40e60e1d1445592c5e8eb352a4052db28b1739a29e16b884b0ba15917b058e66196988214ce473ba158704837b101a13195d5e48cb1dc2f07262dfecfe8d8191

C:\Users\Admin\AppData\Local\Temp\_MEI33762\_hashlib.pyd

MD5 eedb6d834d96a3dffffb1f65b5f7e5be
SHA1 ed6735cfdd0d1ec21c7568a9923eb377e54b308d
SHA256 79c4cde23397b9a35b54a3c2298b3c7a844454f4387cb0693f15e4facd227dd2
SHA512 527bd7bb2f4031416762595f4ce24cbc6254a50eaf2cc160b930950c4f2b3f5e245a486972148c535f8cd80c78ec6fa8c9a062085d60db8f23d4b21e8ae4c0ad

C:\Users\Admin\AppData\Local\Temp\_MEI33762\_decimal.pyd

MD5 3055edf761508190b576e9bf904003aa
SHA1 f0dc8d882b5cd7955cc6dfc8f9834f70a83c7890
SHA256 e4104e47399d3f635a14d649f61250e9fd37f7e65c81ffe11f099923f8532577
SHA512 87538fe20bd2c1150a8fefd0478ffd32e2a9c59d22290464bf5dfb917f6ac7ec874f8b1c70d643a4dc3dd32cbe17e7ea40c0be3ea9dd07039d94ab316f752248

C:\Users\Admin\AppData\Local\Temp\_MEI33762\_cffi_backend.cp312-win_amd64.pyd

MD5 0572b13646141d0b1a5718e35549577c
SHA1 eeb40363c1f456c1c612d3c7e4923210eae4cdf7
SHA256 d8a76d1e31bbd62a482dea9115fc1a109cb39af4cf6d1323409175f3c93113a7
SHA512 67c28432ca8b389acc26e47eb8c4977fddd4af9214819f89df07fecbc8ed750d5f35807a1b195508dd1d77e2a7a9d7265049dcfbfe7665a7fd1ba45da1e4e842

C:\Users\Admin\AppData\Local\Temp\_MEI33762\_bz2.pyd

MD5 223fd6748cae86e8c2d5618085c768ac
SHA1 dcb589f2265728fe97156814cbe6ff3303cd05d3
SHA256 f81dc49eac5ecc528e628175add2ff6bda695a93ea76671d7187155aa6326abb
SHA512 9c22c178417b82e68f71e5b7fe7c0c0a77184ee12bd0dc049373eace7fa66c89458164d124a9167ae760ff9d384b78ca91001e5c151a51ad80c824066b8ecce6

C:\Users\Admin\AppData\Local\Temp\_MEI33762\_brotli.cp312-win_amd64.pyd

MD5 9ad5bb6f92ee2cfd29dde8dd4da99eb7
SHA1 30a8309938c501b336fd3947de46c03f1bb19dc8
SHA256 788acbfd0edd6ca3ef3e97a9487eeaea86515642c71cb11bbcf25721e6573ec8
SHA512 a166abcb834d6c9d6b25807adddd25775d81e2951e1bc3e9849d8ae868dedf2e1ee1b6b4b288ddfbd88a63a6fa624e2d6090aa71ded9b90c2d8cbf2d9524fdbf

C:\Users\Admin\AppData\Local\Temp\_MEI33762\_asyncio.pyd

MD5 28d2a0405be6de3d168f28109030130c
SHA1 7151eccbd204b7503f34088a279d654cfe2260c9
SHA256 2dfcaec25de17be21f91456256219578eae9a7aec5d21385dec53d0840cf0b8d
SHA512 b87f406f2556fac713967e5ae24729e827f2112c318e73fe8ba28946fd6161802de629780fad7a3303cf3dbab7999b15b535f174c85b3cbb7bb3c67915f3b8d0

C:\Users\Admin\AppData\Local\Temp\_MEI33762\VCRUNTIME140_1.dll

MD5 f8dfa78045620cf8a732e67d1b1eb53d
SHA1 ff9a604d8c99405bfdbbf4295825d3fcbc792704
SHA256 a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5
SHA512 ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371

C:\Users\Admin\AppData\Local\Temp\_MEI33762\unicodedata.pyd

MD5 16be9a6f941f1a2cb6b5fca766309b2c
SHA1 17b23ae0e6a11d5b8159c748073e36a936f3316a
SHA256 10ffd5207eeff5a836b330b237d766365d746c30e01abf0fd01f78548d1f1b04
SHA512 64b7ecc58ae7cf128f03a0d5d5428aaa0d4ad4ae7e7d19be0ea819bbbf99503836bfe4946df8ee3ab8a92331fdd002ab9a9de5146af3e86fef789ce46810796b

C:\Users\Admin\AppData\Local\Temp\_MEI33762\pyexpat.pyd

MD5 5e911ca0010d5c9dce50c58b703e0d80
SHA1 89be290bebab337417c41bab06f43effb4799671
SHA256 4779e19ee0f4f0be953805efa1174e127f6e91ad023bd33ac7127fef35e9087b
SHA512 e3f1db80748333f08f79f735a457246e015c10b353e1a52abe91ed9a69f7de5efa5f78a2ed209e97b16813cb74a87f8f0c63a5f44c8b59583851922f54a48cf5

C:\Users\Admin\AppData\Local\Temp\_MEI33762\libssl-3.dll

MD5 19a2aba25456181d5fb572d88ac0e73e
SHA1 656ca8cdfc9c3a6379536e2027e93408851483db
SHA256 2e9fbcd8f7fdc13a5179533239811456554f2b3aa2fb10e1b17be0df81c79006
SHA512 df17dc8a882363a6c5a1b78ba3cf448437d1118ccc4a6275cc7681551b13c1a4e0f94e30ffb94c3530b688b62bff1c03e57c2c185a7df2bf3e5737a06e114337

C:\Users\Admin\AppData\Local\Temp\_MEI33762\libcrypto-3.dll

MD5 e547cf6d296a88f5b1c352c116df7c0c
SHA1 cafa14e0367f7c13ad140fd556f10f320a039783
SHA256 05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de
SHA512 9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d

C:\Users\Admin\AppData\Local\Temp\_MEI33762\api-ms-win-crt-utility-l1-1-0.dll

MD5 3138b144c99759b77dbd488dc91134ae
SHA1 664718852f84ad49623ffd401fac7959eda57704
SHA256 3f78ca473da2335c8f26e32ac5a12ab6a76e4c415d923a930abbc0ef5630c835
SHA512 4e5c519facb1580eca906821d0956b750c63f8882acd5dd0be1531ee2ee45e8b0fb10de6db0f1cd254844131680e19206942d7be24e976bd34cf1ebfa434b16b

C:\Users\Admin\AppData\Local\Temp\_MEI33762\api-ms-win-crt-time-l1-1-0.dll

MD5 7e767ac571d63bcaeb64e243b2600b8d
SHA1 995ce687f655ff937fdf80c1ac7bae043e23e45a
SHA256 c7643c68c3a33a2f67edca02d713749cafeb200daf1f3db7bd2eb168809132ab
SHA512 10b0f0c4844b4beef38d9bd51bbde19ff83caa8e9ac2673528056535872b07e48515c973c50dea9da0ac335cf1a98374d31f52cb04bb0e95eb0e5e6337eee95e

C:\Users\Admin\AppData\Local\Temp\_MEI33762\api-ms-win-crt-string-l1-1-0.dll

MD5 017cd4317c9ff229fe723b4cef459e06
SHA1 d4355b4257d2efd5b1fc1a8b1ec8fbcde2260c75
SHA256 9800d19f55385efdb4bb215d7de0773fb9574fd5ce2773f0217973c780bb8ccf
SHA512 513e20936e54e179772669a5c097e61369e6b9e62b7a8c246e4bb518a190078968b6aa8c434418eae739b2081421faec4e396ae21803d383e853c77c8b914dc7

C:\Users\Admin\AppData\Local\Temp\_MEI33762\api-ms-win-crt-stdio-l1-1-0.dll

MD5 7f21f2ae857b6ed53ba086feca60e4d9
SHA1 abf957cf28b85c48a86ae255c36a978b4f1e0744
SHA256 479e452662de08c4f65572d78ad553d8a9ce0612e39e3b2aa274b77b40b398f2
SHA512 1a2d46806b48cf91beb7dcc9219af80f02d622b1aa9af7785e6b92dca138781a04a3c1bcc15f166fff96ee6bf3be19ae63e32b74a57d0f281acc1685fbca8148

C:\Users\Admin\AppData\Local\Temp\_MEI33762\api-ms-win-crt-runtime-l1-1-0.dll

MD5 9206d6bb749266ac31da559029003fbb
SHA1 496d3051b66d93951253686b73023b64350b521b
SHA256 19da9d0027faed99ef3685a706da4256a24bc705e1f3c0dfcb89df0508620814
SHA512 cd316a52b289e223f607a88033efe1de085a1fba3228a55900ef5908bd90c6342930bdfb73a1ae995c5e496977336186bb3c4e1a0f4f3de52a6465014ee917bf

C:\Users\Admin\AppData\Local\Temp\_MEI33762\api-ms-win-crt-process-l1-1-0.dll

MD5 e9208bf204cc2f705533328fa24f3a8b
SHA1 d2d6549d7a85dfb4d5877c59f3ba110985a202c9
SHA256 c679988b7dac986ec8d92b994d92b9979e565f6adbfd356b66a920f20e9caa86
SHA512 fb648540545c25d15a19cb9605fd78cbb5a214ff4d91d925400632aca85b59611493db71c65182cc189529fe767bcee114ac7e6c7980afa64875ca622ff1b038

C:\Users\Admin\AppData\Local\Temp\_MEI33762\api-ms-win-crt-math-l1-1-0.dll

MD5 0d517e23b98b6e465214a25b0e73a49b
SHA1 8900d523d919a42ef4750eee7ce87cfb835fa455
SHA256 90d5f4615e9aadf8f38f98a8443ca3cdcee6f082d07ee2abd1a74204dbefe73a
SHA512 d850881bd7b042051fecee9e2fb4be105184e678c82d25095f88dc3c4e6ca9eb4ef818eee36443a62a1f54225a5213363b5a058d3a70baa29dd83f44dc9a1eb4

C:\Users\Admin\AppData\Local\Temp\_MEI33762\api-ms-win-crt-locale-l1-1-0.dll

MD5 ed7e63157d241abb713998265b3987d1
SHA1 00d80cfe269434a4bbc7b2266e0e3d7f7ff72f2f
SHA256 3afe87a1dd2463fc3a9b5ba0bfc97fb3689764ac10d2c408f5a7b7d6caf06657
SHA512 3e89d1c1c3fca451a3d693873ebf58cceb73720c4c56d7449a96192fd240ac285a3da4e200ec289bfd5cfcfbdac4d83671059ed672739ca83deef9c891d84165

C:\Users\Admin\AppData\Local\Temp\_MEI33762\api-ms-win-crt-heap-l1-1-0.dll

MD5 dd79fe03815d8d96a70955257b85d025
SHA1 d98f5a2d2d52fc361064427fdecffbe1620b1d68
SHA256 505b61565d51d0c95d9bc77337d063cd18c97a575f5e318cc5a0458d10ef4638
SHA512 3fa3d9a9cddb493786c557f0738c6fad181a862749447c8172093709c4e931708cce12c9d177dbc4f9a0de0f950ebeaf02271e7cbc2b1f177e9c7f838b9ad7d0

C:\Users\Admin\AppData\Local\Temp\_MEI33762\api-ms-win-crt-filesystem-l1-1-0.dll

MD5 442a686b00c22cc9affcecb15a569267
SHA1 10f02b15493737d30aacebad19ecadb8bab81817
SHA256 cb0be4a28ff15650353aa3ea778e7b4076f77d394b6c406b2d288a8ccdf88a05
SHA512 3d1da7ce726a435629d492ee2191e9818ddc975fc686835d61f1259fbb123de522f419a4571fb24c2c5227a2d12a83db2815aca6b7360a75a4b0671ea212acbd

C:\Users\Admin\AppData\Local\Temp\_MEI33762\api-ms-win-crt-environment-l1-1-0.dll

MD5 0ed33abfad3cedf07f538e2152443683
SHA1 78eed147eb33efd14f03d8e2fbe0ec0f41ae4056
SHA256 f76d2547bfc429e14b49d030679fdefa12383c1f3a8e09fa69b760a89f469e9a
SHA512 42b9417b464f6ddd45294e85b3f9143e5c76f512ca70214d1fc302f0cd28c8b7c29d9e213c78861d10ef4316aa02c14ecec2d9bc5a8021880f4186798eb4e317

C:\Users\Admin\AppData\Local\Temp\_MEI33762\api-ms-win-crt-convert-l1-1-0.dll

MD5 d360a829d5376ff0961f62bbe5ac9e06
SHA1 7965077b47bf9949570656df5160f55d27eed1a4
SHA256 6db47157030960e7106cec7825601ce7a33ea58ece603c90ecd9532ece1d1afe
SHA512 aaeed59b187bb277239a07e539e34520e8bc321e4f398e44ee396751e76c189c0180171202380974f12c1c302e77b533b7a93898dd8ddfd5c524143a22b3b748

C:\Users\Admin\AppData\Local\Temp\_MEI33762\api-ms-win-crt-conio-l1-1-0.dll

MD5 218334da1ed369d2b694d3dff42da6ce
SHA1 afcb936ebfc7a2d6cd3b0c7f25a3fb125bcb8a8a
SHA256 b6ff4feabbe5f1fdc56f2e4e440dd8258702c3fc2a314440100319a62304baff
SHA512 9f2d009935b0847f89639b80c79dbe0fdfd08aa0c958ff67665a90971d3b304edf0e87b99112ca3ce988c2065147a41b63f47cd107d3a02e1a164ceb9bc4c13d

C:\Users\Admin\AppData\Local\Temp\_MEI33762\api-ms-win-core-util-l1-1-0.dll

MD5 fa11fa74380735a5b8d4b309de4854be
SHA1 328959db39043cf7591cb18faec351957695f788
SHA256 167e6e08e570e1ce34854781463c218bf14124a4112216b5f93d38d3c204e62a
SHA512 a82f457868374c92322f7508f2ed98504e62b670621ba17ad636044a8198f5be56be46b25426bec1b85dd79b3de7c2a00bec33bd9246bc136a208a6d6e5f335f

C:\Users\Admin\AppData\Local\Temp\_MEI33762\api-ms-win-core-timezone-l1-1-0.dll

MD5 59f3aeb2eda80ffc000b99f27ec99d14
SHA1 2961c514b480424b3512d424dcd7d295477b243a
SHA256 e1c41c6525ed510aa75ec671f86d22a005ffd9a856a74dcf09bf3256e301a8ab
SHA512 ff1980c859c7a23ded484a51e596fd591df855e0266961c4620373d42190152f92df83683779a79561d46bd5d238d7d178cfa2952dee316a742a72835be44992

C:\Users\Admin\AppData\Local\Temp\_MEI33762\api-ms-win-core-sysinfo-l1-1-0.dll

MD5 c7368f2e472ca3e428ce9793d69fa3cd
SHA1 8064438a9d36f6b4bae2931ffaacb512c9e52e82
SHA256 c5a070567d238a43818fcabe6f0a99c470f03ec54042b3c95e91a548be20bf38
SHA512 0303c632b61b2b51950a45df7c0de6c215e950f7845dde6b58cb0f6a9af2b74cc77d49bcf79615e9a4a15ee2b2a4fa43a4a3a0adb2005b89ab16ab00e3717e72

C:\Users\Admin\AppData\Local\Temp\_MEI33762\api-ms-win-core-synch-l1-2-0.dll

MD5 c64289ca3db488fd15f25a8762221633
SHA1 b61c550bbe975b3841d8f201a967c8c227512ce4
SHA256 726155c1d1e1f1778bca4d3952f54ab50035b65750d69e3bdf73cf9c52213c22
SHA512 81f7866185b3a7971ef4cf7c98dc6326c17191c36df753b57174c6766fe0b4a49d7ab7954f08d472d0bc9dcbb3329b6309475ec092cf4a174f0b8958847aaf3c

C:\Users\Admin\AppData\Local\Temp\_MEI33762\api-ms-win-core-synch-l1-1-0.dll

MD5 de86a7505497ecf1be8c7aa6e8b1cb8d
SHA1 66220266ccf36a03b36f57b1f63f2e446349fbbd
SHA256 493072a7a15b11c5382394e98fa0007004f90aa533373e64f109273808d5251c
SHA512 07e323ad892304e4052fc46f2384c94dab4bb462ac9a5a2a7b6f8a411d98639324bd06146338d66cb295e4afd30942b5bd138bcb225496774b920d51572117dc

C:\Users\Admin\AppData\Local\Temp\_MEI33762\api-ms-win-core-string-l1-1-0.dll

MD5 d5cc0ab1fe05976d71ae09911cef5a67
SHA1 16c7af053e6b6d128a5d9c14479b398537e1e1b0
SHA256 689c682fc9030ce9e228c8dea5fc981956bf78229ee8f30c5f63b2b9df813766
SHA512 843634364539a861eb38c5516c8c18ee00173cff5f24ad567a17430b1b53132db06a4ccd18f041972b11956a85dbdefc18ad11c9a9b3a2954e2c93113099877b

C:\Users\Admin\AppData\Local\Temp\_MEI33762\api-ms-win-core-rtlsupport-l1-1-0.dll

MD5 d3167bbc7d02d30bf9e5d60abd7bb05f
SHA1 33a5e59103d2049140f35945b377e6ee07e06b64
SHA256 2c2851d20158b0023eda056c477a57853b6d648053d4d57cad49e5ed574843b4
SHA512 243c55b57eab36bb468a187a973e1cbbc430ad29f5ed627d3f127817885704df57a3e9865b5e28c3811bada14e1942e5293b4ff8b382ea2ba242aec82c6c51c4

C:\Users\Admin\AppData\Local\Temp\_MEI33762\api-ms-win-core-profile-l1-1-0.dll

MD5 d3291c9be1092f7d29018e7e45eb41c8
SHA1 8140fa723f59675ea8292b273edbc8892cb4b5bb
SHA256 edf1d0a1c9175c0392be3f15a6ed0be753b6df2b303876117becf47563db6f7f
SHA512 bc4626df89df4aad7e2524bf515934ab3b8bd7bba50853b8c6faec65967222feadce56a2f333758cea1b7b3a93eddde2865feab453c5f3bb9bdcc5a0cd3105f5

C:\Users\Admin\AppData\Local\Temp\_MEI33762\api-ms-win-core-processthreads-l1-1-1.dll

MD5 81a255549e9b3467276810f94a67512d
SHA1 c3bf694f5d030d5a29ebb9ae70010be4571cec17
SHA256 8447c3c56f83e5a9407bf446cfc037d149b945611f03798f731e49145fca81c2
SHA512 05e6d83baa20b38d8710ed06c62ef8603c37d70fd0f6036f54a50ad041575d52f23c56bcebb12df8bf7cd9327c46522e59bcda47e2fcabfb0e5c11247708afa4

C:\Users\Admin\AppData\Local\Temp\_MEI33762\api-ms-win-core-processthreads-l1-1-0.dll

MD5 4039d2c04c32fa423cc6ce766f0532d9
SHA1 a8d0cac1bcfdc94289b2073c2a14422d929df62f
SHA256 979c28aab88b3a45eed546e2a857e1e9eb41cb035d78446ee668feb918227238
SHA512 c1a0f9920ce28d4a15e5543458f68cc64125dd1b24e7c9caad3eed2b13b8c903ca9f76c0ab82f5a688843626150d321c4353fab81697eae604acbfb920b464e5

C:\Users\Admin\AppData\Local\Temp\_MEI33762\api-ms-win-core-processenvironment-l1-1-0.dll

MD5 cb39b789091823bbe8ea7c9a84343dcb
SHA1 4d0f56a3833abb4a52e9af6d8631ea443a407b3e
SHA256 3f5a60c6772417f286c89cc45fe97eeae69d1705fa65445230b71b53a0a1eee8
SHA512 23d393de9f9d7092f7eb79dd4aa45bca386b454caa9e91d1f09699a79b3382adc0a7b7d972fb9dc41e1e082adde8640edcef7cf444f50e4f14df93b89c823ecf

C:\Users\Admin\AppData\Local\Temp\_MEI33762\api-ms-win-core-namedpipe-l1-1-0.dll

MD5 83d560d0c8844cd047ea818414ee43ab
SHA1 11fd30a76f3e0a0af294a4da15890a55a0de3528
SHA256 93d08d10dc60968fe6df4257ad79911045aabce0d6babd9d0714abb104ac1309
SHA512 06a293264dca9bf12309fbc56c3d5a0f62c3bc7a04986e55c8553b778c491d78f27f9bfbd22ad2ee6317bc985b41066db6e9cbc25b93d5137ae5da012afb55c2

C:\Users\Admin\AppData\Local\Temp\_MEI33762\api-ms-win-core-memory-l1-1-0.dll

MD5 a241d82577b25ed4aa54ab02da7d82c9
SHA1 6cbc888c22a104109af2f084678b15576edbe465
SHA256 1b72a9b95e7d62c923f6b791c4251b63e6331660caf0f44385e6eb1901a9933e
SHA512 e51c246b80b56ea3912e849e18dbe7ff40a4a3e189475c96c570e71e05acdf89e97ffc533810a65172fc05f742b39ee9ef90e3fa0e4c9488f839c4c82fbc8560

C:\Users\Admin\AppData\Local\Temp\_MEI33762\api-ms-win-core-localization-l1-2-0.dll

MD5 2395f675152f25bdc501c1b698b3f70a
SHA1 829eb4dee9604330072c124b9bddf4a4e96a7c98
SHA256 4173e50962540ec0708930d7c456164d4e0fa96d49efb034621eb06e67ac0563
SHA512 7c0125e248387d268a337fa2a0090e6b8713e6205d22fb23a4ce9635fb0f5b79a0e3d28aab3050cc0445ef065632052c23341b1ac22dbd947ac4262fd63a1b51

C:\Users\Admin\AppData\Local\Temp\_MEI33762\api-ms-win-core-libraryloader-l1-1-0.dll

MD5 06ec6d562b0609529e615e795f093512
SHA1 db7c78e4b3f8a0eb4b392c9eef5774a571719f15
SHA256 b120d94a585170f84230d2a6826e3f02d0eb7bde37f965c1fdaf2ba52c5d82bc
SHA512 10773d831d4096130305ee10d611fb28caec213dfe5dd109115c86f7c26df34d7daaea0e6b2eb9eac8f4d59421485e90d6e722c78a55132c25d7b3c7c7222ef5

C:\Users\Admin\AppData\Local\Temp\_MEI33762\api-ms-win-core-interlocked-l1-1-0.dll

MD5 f438ac3307c0de580adf6fb3d4ef57f8
SHA1 5d10ea60e004e583940a082b9157e801aa3c4674
SHA256 03ccd250ed3ef09013114094068dd08c96f0763778e94523e020241f7b16312b
SHA512 c323aae5bb8ce58f92fb8beceb5c60f1bec12f5aaac0c1a435e38de9a10226bdb92808bb2f4e7bf069aec435cb4aade6182d541de2174b8007f8a69a8aa0d264

C:\Users\Admin\AppData\Local\Temp\_MEI33762\api-ms-win-core-heap-l1-1-0.dll

MD5 df603cd6cb0fe53fd77c065f2766b5e8
SHA1 0698b7b97a6f5174cdca0849bec001127f9f0b16
SHA256 e488e688b75b9f95451ad9c65586783e37c32b9952cb48286572c90b150ebbdd
SHA512 929f4868015306e5b84a1e2f341c12a792fe98d82cbcfabbbe79f932f80d81b98f1b6543da7d23e9153a68b00a3768fa9cd112382092104bd4810e3071723933

C:\Users\Admin\AppData\Local\Temp\_MEI33762\api-ms-win-core-handle-l1-1-0.dll

MD5 7141a2a1640ac67e686778130ad8dd7d
SHA1 8f4ba743bc5df04b3075535507983cede7ed249d
SHA256 4a2265e71cd5c9b85f5c705755c23323c1c33aecd9ff72b6ba1b425b8170cf08
SHA512 6906bcdf8474e1fc9f69457cbae6635b18ddda69e3e42ac3b2eaa26aadd717e11b4fcd14e6ed6b5c4e318705c203498d77af8717becf94fd159075093f431440

C:\Users\Admin\AppData\Local\Temp\_MEI33762\api-ms-win-core-file-l2-1-0.dll

MD5 621a34a36c202e4c4e59a6077c22cb5e
SHA1 ec696fd4e8e5935a722e88a551593593a12e882e
SHA256 746cde47f460ab4ef45a3158cbc038b166c86b03114c259ea5c759001692c079
SHA512 04e94784a70a576235d5bec58c57b8b3cfc01d7b292287f299deaf52523cef51c2790874116e666e5bc672453beafe173cf1afbe49a5f3076b83344298643ae0

C:\Users\Admin\AppData\Local\Temp\_MEI33762\api-ms-win-core-file-l1-2-0.dll

MD5 fa6953700659b11c2d82fb521d2e8664
SHA1 07c7d14fdfd1686a424820f77733d1d4f3c75e31
SHA256 4dcc72554ffaa121decaf6e5bd3081198f017d735a07cc6d23d8a56b1383a61e
SHA512 1300c6ab6377e717dfac9e2f78c1218dee91e8fde25454f65ab32095a949c1be5b67aa3ed1c1d9f78d0c8bc9830f5c1dc0e6e01e91effec20ead6cdd9a3f639f

C:\Users\Admin\AppData\Local\Temp\_MEI33762\api-ms-win-core-file-l1-1-0.dll

MD5 8b03d7c248a3b8d5a3ad1029af37c889
SHA1 868a0dde330fdcbf6d0d23900f2c65720ddf9a90
SHA256 4358b538205e9637e8ded05e8490dc0b673e0f756803da451e933411b0e0cb9e
SHA512 76d7e1ea0762a51cd5597e06e98dbd6af17124af57d1729e71ac994ffe7bbbf8be02e57dde31f76a5ea5e7194cceb24185d14fe378780dd1f1afd228fc012d9a

C:\Users\Admin\AppData\Local\Temp\_MEI33762\api-ms-win-core-errorhandling-l1-1-0.dll

MD5 da9189023a6b7872de881052f3b990f9
SHA1 55bcebcfd6805ee5bdad78a425ac5e123ab7e807
SHA256 f38193429c05622df65bfa1428895197b851d981875737c55f1cfe04a88664ef
SHA512 b9d60a5588d835fd7eea7b9bec6564377505b53169db281bf80fc994657e5a3dc506d58fdcdec5b6f79346fd7c172546b59315d276fa691d2b7b495ecc23c2e2

C:\Users\Admin\AppData\Local\Temp\_MEI33762\api-ms-win-core-debug-l1-1-0.dll

MD5 9936abac26b97057e61a5a8346bc26c9
SHA1 16f37a510ecc2a9119e99797e99c4d2468eb39f6
SHA256 d4de4b05b001028456087425ff66044b62bfda3076bff084f9be7843f517c584
SHA512 7404c4a2f884c952a9d0bca9dde757d05db9a74892823d239e70afa40360220896e22853dad19f6d3e8a130ef6a936ded1d53af99d0afd7fd23babd2e0b0842a

C:\Users\Admin\AppData\Local\Temp\_MEI33762\api-ms-win-core-datetime-l1-1-0.dll

MD5 faecbfdacc6dc01b0455ea7b4576de99
SHA1 62fe4962a5900ffb94a05e6577dc5d63d90b3000
SHA256 2b2ed0fe1be4713b33d150828ec0813fd4ecdcac8021a39e37fd8fe64bd21157
SHA512 68dca96b1cf711e5fa283c355183a3f8f2db84081f07fd534d36dc68b4ea6e32e58b9be38fd51d743212d2d698ae656474b30c85a86321d58d1c0947911602e6

C:\Users\Admin\AppData\Local\Temp\_MEI33762\api-ms-win-core-console-l1-1-0.dll

MD5 feb41d426bf3cdfcc7d21464c26aed53
SHA1 97a56392ec04e202d59978dc6670d5e76a2be6c1
SHA256 299bf8705f61598548975e0b122debedf5dc928fc874801d8988d64b7d623da1
SHA512 2b962112bad1a754e2cbd3f3f29538dcf1132fa59e298bfa18d1b706d967735e02c524c3a993a2040a9ae94e387ede394c7f67d348e50e0ef40815ce67630866

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 6375d0f6bf9214ea56f0b233521630d2
SHA1 69a036f77766a5eb43d47bb002a0ec4e2fdf0ccf
SHA256 90ce9eea462bf410fb2fecda2d568a0ee4b33ca229ff6c7034d1a5fcd093ac25
SHA512 121e4fdfb06467ab0e7879e6b34b2d4345b6f17a5bb020d91845b0dbeeaae71b3ab35bd40f967b3e002e21faffaa324961a2ef9e2a8b5b1699e71606483f715b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 c31567a05d57f9bcb897fa283c0bbe09
SHA1 66fda77f9b091473edc13a51ca0828acc117d3bf
SHA256 f054fe3046275e6b051a1862afae0e15bb8433b7f9ed9416fdf283d1fd215a0a
SHA512 97308ddcd3ed3ca6a4dead9cd7c7ca9b10d7cdd951cfdb7b04bbc6d62afc2933cf5ef807458cabdedaec46063109c2c2776f5db1706c1d25607d92b2937a57c5

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 edea916ed41e0f15b2a957ab1d910670
SHA1 e04c99f991f7f13ea9d4ec4da51b50ea0b71259c
SHA256 c61833a44de7ece973cfe9c396a7a97e48dd7166dc1eb1eca6f8ac6b23fcd2ad
SHA512 0a48a5df474aab1a65e29215433248a1322411fd052a327d7951729a474d8638c95e80949740791c90f0b2ea92bb62b76e54b28b5cf5f9bc806a77c57d8f892a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

MD5 46fd92e3d74654695223fb4d34b8bdb4
SHA1 98f546868a8d85de4b7dbfadd8a5cc862e97375c
SHA256 1250fa692ba8ef68388dd320970bfe6b46d0efb0404ae37f84a32542c4ff74ca
SHA512 5de7445e49fd2b31a3145fa34e92159c90112d0fea0d3c57078faecd741736ed05d62a934e494f8a302ba9639553d2985cc8bb1538b2eb2a421e3b22c0105bf9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 ff6ba9aacad50da650b2a3db5c40cd02
SHA1 5cd97b6e309d49ff98ab9e7f7266e2350c4f1525
SHA256 23d848d078cf4db87f34fec30852e3d6966cc9af389229541094a4baf6f1ea06
SHA512 de374409a389b509bce5275b64cae884424d09a67a39e33a73daef135a1e496d677431c81b62b81cc029138510c15bbb0bb5ebd2e6e2da82a3b8357a20f32afb

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-20 16:53

Reported

2024-06-20 16:55

Platform

win10v2004-20240611-en

Max time kernel

90s

Max time network

93s

Command Line

"C:\Users\Admin\AppData\Local\Temp\mitmweb.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\mitmweb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mitmweb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mitmweb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mitmweb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mitmweb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mitmweb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mitmweb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mitmweb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mitmweb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mitmweb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mitmweb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mitmweb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mitmweb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mitmweb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mitmweb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mitmweb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mitmweb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mitmweb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mitmweb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mitmweb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mitmweb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mitmweb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mitmweb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mitmweb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mitmweb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mitmweb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mitmweb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mitmweb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mitmweb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mitmweb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mitmweb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mitmweb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mitmweb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mitmweb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mitmweb.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\mitmweb.exe N/A

Enumerates physical storage devices

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1556 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\mitmweb.exe C:\Users\Admin\AppData\Local\Temp\mitmweb.exe
PID 1556 wrote to memory of 2496 N/A C:\Users\Admin\AppData\Local\Temp\mitmweb.exe C:\Users\Admin\AppData\Local\Temp\mitmweb.exe
PID 2496 wrote to memory of 4316 N/A C:\Users\Admin\AppData\Local\Temp\mitmweb.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 2496 wrote to memory of 4316 N/A C:\Users\Admin\AppData\Local\Temp\mitmweb.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 2748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 2748 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 1316 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 4356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 4356 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4316 wrote to memory of 452 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\mitmweb.exe

"C:\Users\Admin\AppData\Local\Temp\mitmweb.exe"

C:\Users\Admin\AppData\Local\Temp\mitmweb.exe

"C:\Users\Admin\AppData\Local\Temp\mitmweb.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://127.0.0.1:8081/

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa5fa646f8,0x7ffa5fa64708,0x7ffa5fa64718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,8677217928861447591,7755090884939456040,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,8677217928861447591,7755090884939456040,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,8677217928861447591,7755090884939456040,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8677217928861447591,7755090884939456040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8677217928861447591,7755090884939456040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,8677217928861447591,7755090884939456040,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,8677217928861447591,7755090884939456040,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5076 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8677217928861447591,7755090884939456040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8677217928861447591,7755090884939456040,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8677217928861447591,7755090884939456040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8677217928861447591,7755090884939456040,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 69.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
NL 23.62.61.97:443 www.bing.com tcp
N/A 127.0.0.1:60768 tcp
N/A 127.0.0.1:60770 tcp
US 8.8.8.8:53 97.61.62.23.in-addr.arpa udp
N/A 127.0.0.1:8081 tcp
N/A 127.0.0.1:8081 tcp
N/A 127.0.0.1:8081 tcp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 140.71.91.104.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\_MEI15562\itsdangerous-2.2.0.dist-info\INSTALLER

MD5 365c9bfeb7d89244f2ce01c1de44cb85
SHA1 d7a03141d5d6b1e88b6b59ef08b6681df212c599
SHA256 ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508
SHA512 d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

C:\Users\Admin\AppData\Local\Temp\_MEI15562\ucrtbase.dll

MD5 637c17ad8bccc838b0cf83ffb8e2c7fd
SHA1 b2dd2890668e589badb2ba61a27c1da503d73c39
SHA256 be7368df484688493fb49fb0c4ad641485070190db62a2c071c9c50612e43fed
SHA512 f6b727c319ca2e85a9b5c5e0b9d8b9023f0cf4193fab983cfa26060923374c6abd6d11db1da2e524a8b04622a4e13beb4c48dc23f98886d4abb33eb09f3a0776

C:\Users\Admin\AppData\Local\Temp\_MEI15562\python312.dll

MD5 3c388ce47c0d9117d2a50b3fa5ac981d
SHA1 038484ff7460d03d1d36c23f0de4874cbaea2c48
SHA256 c98ba3354a7d1f69bdca42560feec933ccba93afcc707391049a065e1079cddb
SHA512 e529c5c1c028be01e44a156cd0e7cad0a24b5f91e5d34697fafc395b63e37780dc0fac8f4c5d075ad8fe4bd15d62a250b818ff3d4ead1e281530a4c7e3ce6d35

C:\Users\Admin\AppData\Local\Temp\_MEI15562\VCRUNTIME140.dll

MD5 be8dbe2dc77ebe7f88f910c61aec691a
SHA1 a19f08bb2b1c1de5bb61daf9f2304531321e0e40
SHA256 4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83
SHA512 0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

C:\Users\Admin\AppData\Local\Temp\_MEI15562\base_library.zip

MD5 8dad91add129dca41dd17a332a64d593
SHA1 70a4ec5a17ed63caf2407bd76dc116aca7765c0d
SHA256 8de4f013bfecb9431aabaa97bb084fb7de127b365b9478d6f7610959bf0d2783
SHA512 2163414bc01fc30d47d1de763a8332afe96ea7b296665b1a0840d5197b7e56f4963938e69de35cd2bf89158e5e2240a1650d00d86634ac2a5e2ad825455a2d50

C:\Users\Admin\AppData\Local\Temp\_MEI15562\_ctypes.pyd

MD5 bbd5533fc875a4a075097a7c6aba865e
SHA1 ab91e62c6d02d211a1c0683cb6c5b0bdd17cbf00
SHA256 be9828a877e412b48d75addc4553d2d2a60ae762a3551f9731b50cae7d65b570
SHA512 23ef351941f459dee7ed2cebbae21969e97b61c0d877cfe15e401c36369d2a2491ca886be789b1a0c5066d6a8835fd06db28b5b28fb6e9df84c2d0b0d8e9850e

C:\Users\Admin\AppData\Local\Temp\_MEI15562\python3.DLL

MD5 79b02450d6ca4852165036c8d4eaed1f
SHA1 ce9ff1b302426d4c94a2d3ea81531d3cb9e583e4
SHA256 d2e348e615a5d3b08b0bac29b91f79b32f0c1d0be48976450042462466b51123
SHA512 47044d18db3a4dd58a93b43034f4fafa66821d157dcfefb85fca2122795f4591dc69a82eb2e0ebd9183075184368850e4caf9c9fea0cfe6f766c73a60ffdf416

C:\Users\Admin\AppData\Local\Temp\_MEI15562\libffi-8.dll

MD5 0f8e4992ca92baaf54cc0b43aaccce21
SHA1 c7300975df267b1d6adcbac0ac93fd7b1ab49bd2
SHA256 eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a
SHA512 6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

C:\Users\Admin\AppData\Local\Temp\_MEI15562\api-ms-win-core-timezone-l1-1-0.dll

MD5 59f3aeb2eda80ffc000b99f27ec99d14
SHA1 2961c514b480424b3512d424dcd7d295477b243a
SHA256 e1c41c6525ed510aa75ec671f86d22a005ffd9a856a74dcf09bf3256e301a8ab
SHA512 ff1980c859c7a23ded484a51e596fd591df855e0266961c4620373d42190152f92df83683779a79561d46bd5d238d7d178cfa2952dee316a742a72835be44992

C:\Users\Admin\AppData\Local\Temp\_MEI15562\api-ms-win-core-sysinfo-l1-1-0.dll

MD5 c7368f2e472ca3e428ce9793d69fa3cd
SHA1 8064438a9d36f6b4bae2931ffaacb512c9e52e82
SHA256 c5a070567d238a43818fcabe6f0a99c470f03ec54042b3c95e91a548be20bf38
SHA512 0303c632b61b2b51950a45df7c0de6c215e950f7845dde6b58cb0f6a9af2b74cc77d49bcf79615e9a4a15ee2b2a4fa43a4a3a0adb2005b89ab16ab00e3717e72

C:\Users\Admin\AppData\Local\Temp\_MEI15562\api-ms-win-core-synch-l1-2-0.dll

MD5 c64289ca3db488fd15f25a8762221633
SHA1 b61c550bbe975b3841d8f201a967c8c227512ce4
SHA256 726155c1d1e1f1778bca4d3952f54ab50035b65750d69e3bdf73cf9c52213c22
SHA512 81f7866185b3a7971ef4cf7c98dc6326c17191c36df753b57174c6766fe0b4a49d7ab7954f08d472d0bc9dcbb3329b6309475ec092cf4a174f0b8958847aaf3c

C:\Users\Admin\AppData\Local\Temp\_MEI15562\api-ms-win-core-synch-l1-1-0.dll

MD5 de86a7505497ecf1be8c7aa6e8b1cb8d
SHA1 66220266ccf36a03b36f57b1f63f2e446349fbbd
SHA256 493072a7a15b11c5382394e98fa0007004f90aa533373e64f109273808d5251c
SHA512 07e323ad892304e4052fc46f2384c94dab4bb462ac9a5a2a7b6f8a411d98639324bd06146338d66cb295e4afd30942b5bd138bcb225496774b920d51572117dc

C:\Users\Admin\AppData\Local\Temp\_MEI15562\api-ms-win-core-string-l1-1-0.dll

MD5 d5cc0ab1fe05976d71ae09911cef5a67
SHA1 16c7af053e6b6d128a5d9c14479b398537e1e1b0
SHA256 689c682fc9030ce9e228c8dea5fc981956bf78229ee8f30c5f63b2b9df813766
SHA512 843634364539a861eb38c5516c8c18ee00173cff5f24ad567a17430b1b53132db06a4ccd18f041972b11956a85dbdefc18ad11c9a9b3a2954e2c93113099877b

C:\Users\Admin\AppData\Local\Temp\_MEI15562\api-ms-win-core-rtlsupport-l1-1-0.dll

MD5 d3167bbc7d02d30bf9e5d60abd7bb05f
SHA1 33a5e59103d2049140f35945b377e6ee07e06b64
SHA256 2c2851d20158b0023eda056c477a57853b6d648053d4d57cad49e5ed574843b4
SHA512 243c55b57eab36bb468a187a973e1cbbc430ad29f5ed627d3f127817885704df57a3e9865b5e28c3811bada14e1942e5293b4ff8b382ea2ba242aec82c6c51c4

C:\Users\Admin\AppData\Local\Temp\_MEI15562\api-ms-win-core-profile-l1-1-0.dll

MD5 d3291c9be1092f7d29018e7e45eb41c8
SHA1 8140fa723f59675ea8292b273edbc8892cb4b5bb
SHA256 edf1d0a1c9175c0392be3f15a6ed0be753b6df2b303876117becf47563db6f7f
SHA512 bc4626df89df4aad7e2524bf515934ab3b8bd7bba50853b8c6faec65967222feadce56a2f333758cea1b7b3a93eddde2865feab453c5f3bb9bdcc5a0cd3105f5

C:\Users\Admin\AppData\Local\Temp\_MEI15562\api-ms-win-core-processthreads-l1-1-1.dll

MD5 81a255549e9b3467276810f94a67512d
SHA1 c3bf694f5d030d5a29ebb9ae70010be4571cec17
SHA256 8447c3c56f83e5a9407bf446cfc037d149b945611f03798f731e49145fca81c2
SHA512 05e6d83baa20b38d8710ed06c62ef8603c37d70fd0f6036f54a50ad041575d52f23c56bcebb12df8bf7cd9327c46522e59bcda47e2fcabfb0e5c11247708afa4

C:\Users\Admin\AppData\Local\Temp\_MEI15562\api-ms-win-core-processthreads-l1-1-0.dll

MD5 4039d2c04c32fa423cc6ce766f0532d9
SHA1 a8d0cac1bcfdc94289b2073c2a14422d929df62f
SHA256 979c28aab88b3a45eed546e2a857e1e9eb41cb035d78446ee668feb918227238
SHA512 c1a0f9920ce28d4a15e5543458f68cc64125dd1b24e7c9caad3eed2b13b8c903ca9f76c0ab82f5a688843626150d321c4353fab81697eae604acbfb920b464e5

C:\Users\Admin\AppData\Local\Temp\_MEI15562\api-ms-win-core-processenvironment-l1-1-0.dll

MD5 cb39b789091823bbe8ea7c9a84343dcb
SHA1 4d0f56a3833abb4a52e9af6d8631ea443a407b3e
SHA256 3f5a60c6772417f286c89cc45fe97eeae69d1705fa65445230b71b53a0a1eee8
SHA512 23d393de9f9d7092f7eb79dd4aa45bca386b454caa9e91d1f09699a79b3382adc0a7b7d972fb9dc41e1e082adde8640edcef7cf444f50e4f14df93b89c823ecf

C:\Users\Admin\AppData\Local\Temp\_MEI15562\api-ms-win-core-namedpipe-l1-1-0.dll

MD5 83d560d0c8844cd047ea818414ee43ab
SHA1 11fd30a76f3e0a0af294a4da15890a55a0de3528
SHA256 93d08d10dc60968fe6df4257ad79911045aabce0d6babd9d0714abb104ac1309
SHA512 06a293264dca9bf12309fbc56c3d5a0f62c3bc7a04986e55c8553b778c491d78f27f9bfbd22ad2ee6317bc985b41066db6e9cbc25b93d5137ae5da012afb55c2

C:\Users\Admin\AppData\Local\Temp\_MEI15562\api-ms-win-core-memory-l1-1-0.dll

MD5 a241d82577b25ed4aa54ab02da7d82c9
SHA1 6cbc888c22a104109af2f084678b15576edbe465
SHA256 1b72a9b95e7d62c923f6b791c4251b63e6331660caf0f44385e6eb1901a9933e
SHA512 e51c246b80b56ea3912e849e18dbe7ff40a4a3e189475c96c570e71e05acdf89e97ffc533810a65172fc05f742b39ee9ef90e3fa0e4c9488f839c4c82fbc8560

C:\Users\Admin\AppData\Local\Temp\_MEI15562\api-ms-win-core-localization-l1-2-0.dll

MD5 2395f675152f25bdc501c1b698b3f70a
SHA1 829eb4dee9604330072c124b9bddf4a4e96a7c98
SHA256 4173e50962540ec0708930d7c456164d4e0fa96d49efb034621eb06e67ac0563
SHA512 7c0125e248387d268a337fa2a0090e6b8713e6205d22fb23a4ce9635fb0f5b79a0e3d28aab3050cc0445ef065632052c23341b1ac22dbd947ac4262fd63a1b51

C:\Users\Admin\AppData\Local\Temp\_MEI15562\api-ms-win-core-libraryloader-l1-1-0.dll

MD5 06ec6d562b0609529e615e795f093512
SHA1 db7c78e4b3f8a0eb4b392c9eef5774a571719f15
SHA256 b120d94a585170f84230d2a6826e3f02d0eb7bde37f965c1fdaf2ba52c5d82bc
SHA512 10773d831d4096130305ee10d611fb28caec213dfe5dd109115c86f7c26df34d7daaea0e6b2eb9eac8f4d59421485e90d6e722c78a55132c25d7b3c7c7222ef5

C:\Users\Admin\AppData\Local\Temp\_MEI15562\api-ms-win-core-interlocked-l1-1-0.dll

MD5 f438ac3307c0de580adf6fb3d4ef57f8
SHA1 5d10ea60e004e583940a082b9157e801aa3c4674
SHA256 03ccd250ed3ef09013114094068dd08c96f0763778e94523e020241f7b16312b
SHA512 c323aae5bb8ce58f92fb8beceb5c60f1bec12f5aaac0c1a435e38de9a10226bdb92808bb2f4e7bf069aec435cb4aade6182d541de2174b8007f8a69a8aa0d264

C:\Users\Admin\AppData\Local\Temp\_MEI15562\api-ms-win-core-heap-l1-1-0.dll

MD5 df603cd6cb0fe53fd77c065f2766b5e8
SHA1 0698b7b97a6f5174cdca0849bec001127f9f0b16
SHA256 e488e688b75b9f95451ad9c65586783e37c32b9952cb48286572c90b150ebbdd
SHA512 929f4868015306e5b84a1e2f341c12a792fe98d82cbcfabbbe79f932f80d81b98f1b6543da7d23e9153a68b00a3768fa9cd112382092104bd4810e3071723933

C:\Users\Admin\AppData\Local\Temp\_MEI15562\api-ms-win-core-handle-l1-1-0.dll

MD5 7141a2a1640ac67e686778130ad8dd7d
SHA1 8f4ba743bc5df04b3075535507983cede7ed249d
SHA256 4a2265e71cd5c9b85f5c705755c23323c1c33aecd9ff72b6ba1b425b8170cf08
SHA512 6906bcdf8474e1fc9f69457cbae6635b18ddda69e3e42ac3b2eaa26aadd717e11b4fcd14e6ed6b5c4e318705c203498d77af8717becf94fd159075093f431440

C:\Users\Admin\AppData\Local\Temp\_MEI15562\api-ms-win-core-file-l2-1-0.dll

MD5 621a34a36c202e4c4e59a6077c22cb5e
SHA1 ec696fd4e8e5935a722e88a551593593a12e882e
SHA256 746cde47f460ab4ef45a3158cbc038b166c86b03114c259ea5c759001692c079
SHA512 04e94784a70a576235d5bec58c57b8b3cfc01d7b292287f299deaf52523cef51c2790874116e666e5bc672453beafe173cf1afbe49a5f3076b83344298643ae0

C:\Users\Admin\AppData\Local\Temp\_MEI15562\api-ms-win-core-file-l1-2-0.dll

MD5 fa6953700659b11c2d82fb521d2e8664
SHA1 07c7d14fdfd1686a424820f77733d1d4f3c75e31
SHA256 4dcc72554ffaa121decaf6e5bd3081198f017d735a07cc6d23d8a56b1383a61e
SHA512 1300c6ab6377e717dfac9e2f78c1218dee91e8fde25454f65ab32095a949c1be5b67aa3ed1c1d9f78d0c8bc9830f5c1dc0e6e01e91effec20ead6cdd9a3f639f

C:\Users\Admin\AppData\Local\Temp\_MEI15562\api-ms-win-core-file-l1-1-0.dll

MD5 8b03d7c248a3b8d5a3ad1029af37c889
SHA1 868a0dde330fdcbf6d0d23900f2c65720ddf9a90
SHA256 4358b538205e9637e8ded05e8490dc0b673e0f756803da451e933411b0e0cb9e
SHA512 76d7e1ea0762a51cd5597e06e98dbd6af17124af57d1729e71ac994ffe7bbbf8be02e57dde31f76a5ea5e7194cceb24185d14fe378780dd1f1afd228fc012d9a

C:\Users\Admin\AppData\Local\Temp\_MEI15562\api-ms-win-core-errorhandling-l1-1-0.dll

MD5 da9189023a6b7872de881052f3b990f9
SHA1 55bcebcfd6805ee5bdad78a425ac5e123ab7e807
SHA256 f38193429c05622df65bfa1428895197b851d981875737c55f1cfe04a88664ef
SHA512 b9d60a5588d835fd7eea7b9bec6564377505b53169db281bf80fc994657e5a3dc506d58fdcdec5b6f79346fd7c172546b59315d276fa691d2b7b495ecc23c2e2

C:\Users\Admin\AppData\Local\Temp\_MEI15562\api-ms-win-core-debug-l1-1-0.dll

MD5 9936abac26b97057e61a5a8346bc26c9
SHA1 16f37a510ecc2a9119e99797e99c4d2468eb39f6
SHA256 d4de4b05b001028456087425ff66044b62bfda3076bff084f9be7843f517c584
SHA512 7404c4a2f884c952a9d0bca9dde757d05db9a74892823d239e70afa40360220896e22853dad19f6d3e8a130ef6a936ded1d53af99d0afd7fd23babd2e0b0842a

C:\Users\Admin\AppData\Local\Temp\_MEI15562\api-ms-win-core-datetime-l1-1-0.dll

MD5 faecbfdacc6dc01b0455ea7b4576de99
SHA1 62fe4962a5900ffb94a05e6577dc5d63d90b3000
SHA256 2b2ed0fe1be4713b33d150828ec0813fd4ecdcac8021a39e37fd8fe64bd21157
SHA512 68dca96b1cf711e5fa283c355183a3f8f2db84081f07fd534d36dc68b4ea6e32e58b9be38fd51d743212d2d698ae656474b30c85a86321d58d1c0947911602e6

C:\Users\Admin\AppData\Local\Temp\_MEI15562\api-ms-win-core-console-l1-1-0.dll

MD5 feb41d426bf3cdfcc7d21464c26aed53
SHA1 97a56392ec04e202d59978dc6670d5e76a2be6c1
SHA256 299bf8705f61598548975e0b122debedf5dc928fc874801d8988d64b7d623da1
SHA512 2b962112bad1a754e2cbd3f3f29538dcf1132fa59e298bfa18d1b706d967735e02c524c3a993a2040a9ae94e387ede394c7f67d348e50e0ef40815ce67630866

C:\Users\Admin\AppData\Local\Temp\_MEI15562\_hashlib.pyd

MD5 eedb6d834d96a3dffffb1f65b5f7e5be
SHA1 ed6735cfdd0d1ec21c7568a9923eb377e54b308d
SHA256 79c4cde23397b9a35b54a3c2298b3c7a844454f4387cb0693f15e4facd227dd2
SHA512 527bd7bb2f4031416762595f4ce24cbc6254a50eaf2cc160b930950c4f2b3f5e245a486972148c535f8cd80c78ec6fa8c9a062085d60db8f23d4b21e8ae4c0ad

C:\Users\Admin\AppData\Local\Temp\_MEI15562\_decimal.pyd

MD5 3055edf761508190b576e9bf904003aa
SHA1 f0dc8d882b5cd7955cc6dfc8f9834f70a83c7890
SHA256 e4104e47399d3f635a14d649f61250e9fd37f7e65c81ffe11f099923f8532577
SHA512 87538fe20bd2c1150a8fefd0478ffd32e2a9c59d22290464bf5dfb917f6ac7ec874f8b1c70d643a4dc3dd32cbe17e7ea40c0be3ea9dd07039d94ab316f752248

C:\Users\Admin\AppData\Local\Temp\_MEI15562\_cffi_backend.cp312-win_amd64.pyd

MD5 0572b13646141d0b1a5718e35549577c
SHA1 eeb40363c1f456c1c612d3c7e4923210eae4cdf7
SHA256 d8a76d1e31bbd62a482dea9115fc1a109cb39af4cf6d1323409175f3c93113a7
SHA512 67c28432ca8b389acc26e47eb8c4977fddd4af9214819f89df07fecbc8ed750d5f35807a1b195508dd1d77e2a7a9d7265049dcfbfe7665a7fd1ba45da1e4e842

C:\Users\Admin\AppData\Local\Temp\_MEI15562\_bz2.pyd

MD5 223fd6748cae86e8c2d5618085c768ac
SHA1 dcb589f2265728fe97156814cbe6ff3303cd05d3
SHA256 f81dc49eac5ecc528e628175add2ff6bda695a93ea76671d7187155aa6326abb
SHA512 9c22c178417b82e68f71e5b7fe7c0c0a77184ee12bd0dc049373eace7fa66c89458164d124a9167ae760ff9d384b78ca91001e5c151a51ad80c824066b8ecce6

C:\Users\Admin\AppData\Local\Temp\_MEI15562\_brotli.cp312-win_amd64.pyd

MD5 9ad5bb6f92ee2cfd29dde8dd4da99eb7
SHA1 30a8309938c501b336fd3947de46c03f1bb19dc8
SHA256 788acbfd0edd6ca3ef3e97a9487eeaea86515642c71cb11bbcf25721e6573ec8
SHA512 a166abcb834d6c9d6b25807adddd25775d81e2951e1bc3e9849d8ae868dedf2e1ee1b6b4b288ddfbd88a63a6fa624e2d6090aa71ded9b90c2d8cbf2d9524fdbf

C:\Users\Admin\AppData\Local\Temp\_MEI15562\_asyncio.pyd

MD5 28d2a0405be6de3d168f28109030130c
SHA1 7151eccbd204b7503f34088a279d654cfe2260c9
SHA256 2dfcaec25de17be21f91456256219578eae9a7aec5d21385dec53d0840cf0b8d
SHA512 b87f406f2556fac713967e5ae24729e827f2112c318e73fe8ba28946fd6161802de629780fad7a3303cf3dbab7999b15b535f174c85b3cbb7bb3c67915f3b8d0

C:\Users\Admin\AppData\Local\Temp\_MEI15562\VCRUNTIME140_1.dll

MD5 f8dfa78045620cf8a732e67d1b1eb53d
SHA1 ff9a604d8c99405bfdbbf4295825d3fcbc792704
SHA256 a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5
SHA512 ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371

C:\Users\Admin\AppData\Local\Temp\_MEI15562\unicodedata.pyd

MD5 16be9a6f941f1a2cb6b5fca766309b2c
SHA1 17b23ae0e6a11d5b8159c748073e36a936f3316a
SHA256 10ffd5207eeff5a836b330b237d766365d746c30e01abf0fd01f78548d1f1b04
SHA512 64b7ecc58ae7cf128f03a0d5d5428aaa0d4ad4ae7e7d19be0ea819bbbf99503836bfe4946df8ee3ab8a92331fdd002ab9a9de5146af3e86fef789ce46810796b

C:\Users\Admin\AppData\Local\Temp\_MEI15562\select.pyd

MD5 92b440ca45447ec33e884752e4c65b07
SHA1 5477e21bb511cc33c988140521a4f8c11a427bcc
SHA256 680df34fb908c49410ac5f68a8c05d92858acd111e62d1194d15bdce520bd6c3
SHA512 40e60e1d1445592c5e8eb352a4052db28b1739a29e16b884b0ba15917b058e66196988214ce473ba158704837b101a13195d5e48cb1dc2f07262dfecfe8d8191

C:\Users\Admin\AppData\Local\Temp\_MEI15562\pyexpat.pyd

MD5 5e911ca0010d5c9dce50c58b703e0d80
SHA1 89be290bebab337417c41bab06f43effb4799671
SHA256 4779e19ee0f4f0be953805efa1174e127f6e91ad023bd33ac7127fef35e9087b
SHA512 e3f1db80748333f08f79f735a457246e015c10b353e1a52abe91ed9a69f7de5efa5f78a2ed209e97b16813cb74a87f8f0c63a5f44c8b59583851922f54a48cf5

C:\Users\Admin\AppData\Local\Temp\_MEI15562\libssl-3.dll

MD5 19a2aba25456181d5fb572d88ac0e73e
SHA1 656ca8cdfc9c3a6379536e2027e93408851483db
SHA256 2e9fbcd8f7fdc13a5179533239811456554f2b3aa2fb10e1b17be0df81c79006
SHA512 df17dc8a882363a6c5a1b78ba3cf448437d1118ccc4a6275cc7681551b13c1a4e0f94e30ffb94c3530b688b62bff1c03e57c2c185a7df2bf3e5737a06e114337

C:\Users\Admin\AppData\Local\Temp\_MEI15562\libcrypto-3.dll

MD5 e547cf6d296a88f5b1c352c116df7c0c
SHA1 cafa14e0367f7c13ad140fd556f10f320a039783
SHA256 05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de
SHA512 9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d

C:\Users\Admin\AppData\Local\Temp\_MEI15562\api-ms-win-crt-utility-l1-1-0.dll

MD5 3138b144c99759b77dbd488dc91134ae
SHA1 664718852f84ad49623ffd401fac7959eda57704
SHA256 3f78ca473da2335c8f26e32ac5a12ab6a76e4c415d923a930abbc0ef5630c835
SHA512 4e5c519facb1580eca906821d0956b750c63f8882acd5dd0be1531ee2ee45e8b0fb10de6db0f1cd254844131680e19206942d7be24e976bd34cf1ebfa434b16b

C:\Users\Admin\AppData\Local\Temp\_MEI15562\api-ms-win-crt-time-l1-1-0.dll

MD5 7e767ac571d63bcaeb64e243b2600b8d
SHA1 995ce687f655ff937fdf80c1ac7bae043e23e45a
SHA256 c7643c68c3a33a2f67edca02d713749cafeb200daf1f3db7bd2eb168809132ab
SHA512 10b0f0c4844b4beef38d9bd51bbde19ff83caa8e9ac2673528056535872b07e48515c973c50dea9da0ac335cf1a98374d31f52cb04bb0e95eb0e5e6337eee95e

C:\Users\Admin\AppData\Local\Temp\_MEI15562\api-ms-win-crt-string-l1-1-0.dll

MD5 017cd4317c9ff229fe723b4cef459e06
SHA1 d4355b4257d2efd5b1fc1a8b1ec8fbcde2260c75
SHA256 9800d19f55385efdb4bb215d7de0773fb9574fd5ce2773f0217973c780bb8ccf
SHA512 513e20936e54e179772669a5c097e61369e6b9e62b7a8c246e4bb518a190078968b6aa8c434418eae739b2081421faec4e396ae21803d383e853c77c8b914dc7

C:\Users\Admin\AppData\Local\Temp\_MEI15562\api-ms-win-crt-stdio-l1-1-0.dll

MD5 7f21f2ae857b6ed53ba086feca60e4d9
SHA1 abf957cf28b85c48a86ae255c36a978b4f1e0744
SHA256 479e452662de08c4f65572d78ad553d8a9ce0612e39e3b2aa274b77b40b398f2
SHA512 1a2d46806b48cf91beb7dcc9219af80f02d622b1aa9af7785e6b92dca138781a04a3c1bcc15f166fff96ee6bf3be19ae63e32b74a57d0f281acc1685fbca8148

C:\Users\Admin\AppData\Local\Temp\_MEI15562\api-ms-win-crt-runtime-l1-1-0.dll

MD5 9206d6bb749266ac31da559029003fbb
SHA1 496d3051b66d93951253686b73023b64350b521b
SHA256 19da9d0027faed99ef3685a706da4256a24bc705e1f3c0dfcb89df0508620814
SHA512 cd316a52b289e223f607a88033efe1de085a1fba3228a55900ef5908bd90c6342930bdfb73a1ae995c5e496977336186bb3c4e1a0f4f3de52a6465014ee917bf

C:\Users\Admin\AppData\Local\Temp\_MEI15562\api-ms-win-crt-process-l1-1-0.dll

MD5 e9208bf204cc2f705533328fa24f3a8b
SHA1 d2d6549d7a85dfb4d5877c59f3ba110985a202c9
SHA256 c679988b7dac986ec8d92b994d92b9979e565f6adbfd356b66a920f20e9caa86
SHA512 fb648540545c25d15a19cb9605fd78cbb5a214ff4d91d925400632aca85b59611493db71c65182cc189529fe767bcee114ac7e6c7980afa64875ca622ff1b038

C:\Users\Admin\AppData\Local\Temp\_MEI15562\api-ms-win-crt-math-l1-1-0.dll

MD5 0d517e23b98b6e465214a25b0e73a49b
SHA1 8900d523d919a42ef4750eee7ce87cfb835fa455
SHA256 90d5f4615e9aadf8f38f98a8443ca3cdcee6f082d07ee2abd1a74204dbefe73a
SHA512 d850881bd7b042051fecee9e2fb4be105184e678c82d25095f88dc3c4e6ca9eb4ef818eee36443a62a1f54225a5213363b5a058d3a70baa29dd83f44dc9a1eb4

C:\Users\Admin\AppData\Local\Temp\_MEI15562\api-ms-win-crt-locale-l1-1-0.dll

MD5 ed7e63157d241abb713998265b3987d1
SHA1 00d80cfe269434a4bbc7b2266e0e3d7f7ff72f2f
SHA256 3afe87a1dd2463fc3a9b5ba0bfc97fb3689764ac10d2c408f5a7b7d6caf06657
SHA512 3e89d1c1c3fca451a3d693873ebf58cceb73720c4c56d7449a96192fd240ac285a3da4e200ec289bfd5cfcfbdac4d83671059ed672739ca83deef9c891d84165

C:\Users\Admin\AppData\Local\Temp\_MEI15562\api-ms-win-crt-heap-l1-1-0.dll

MD5 dd79fe03815d8d96a70955257b85d025
SHA1 d98f5a2d2d52fc361064427fdecffbe1620b1d68
SHA256 505b61565d51d0c95d9bc77337d063cd18c97a575f5e318cc5a0458d10ef4638
SHA512 3fa3d9a9cddb493786c557f0738c6fad181a862749447c8172093709c4e931708cce12c9d177dbc4f9a0de0f950ebeaf02271e7cbc2b1f177e9c7f838b9ad7d0

C:\Users\Admin\AppData\Local\Temp\_MEI15562\api-ms-win-crt-filesystem-l1-1-0.dll

MD5 442a686b00c22cc9affcecb15a569267
SHA1 10f02b15493737d30aacebad19ecadb8bab81817
SHA256 cb0be4a28ff15650353aa3ea778e7b4076f77d394b6c406b2d288a8ccdf88a05
SHA512 3d1da7ce726a435629d492ee2191e9818ddc975fc686835d61f1259fbb123de522f419a4571fb24c2c5227a2d12a83db2815aca6b7360a75a4b0671ea212acbd

C:\Users\Admin\AppData\Local\Temp\_MEI15562\api-ms-win-crt-environment-l1-1-0.dll

MD5 0ed33abfad3cedf07f538e2152443683
SHA1 78eed147eb33efd14f03d8e2fbe0ec0f41ae4056
SHA256 f76d2547bfc429e14b49d030679fdefa12383c1f3a8e09fa69b760a89f469e9a
SHA512 42b9417b464f6ddd45294e85b3f9143e5c76f512ca70214d1fc302f0cd28c8b7c29d9e213c78861d10ef4316aa02c14ecec2d9bc5a8021880f4186798eb4e317

C:\Users\Admin\AppData\Local\Temp\_MEI15562\api-ms-win-crt-convert-l1-1-0.dll

MD5 d360a829d5376ff0961f62bbe5ac9e06
SHA1 7965077b47bf9949570656df5160f55d27eed1a4
SHA256 6db47157030960e7106cec7825601ce7a33ea58ece603c90ecd9532ece1d1afe
SHA512 aaeed59b187bb277239a07e539e34520e8bc321e4f398e44ee396751e76c189c0180171202380974f12c1c302e77b533b7a93898dd8ddfd5c524143a22b3b748

C:\Users\Admin\AppData\Local\Temp\_MEI15562\api-ms-win-crt-conio-l1-1-0.dll

MD5 218334da1ed369d2b694d3dff42da6ce
SHA1 afcb936ebfc7a2d6cd3b0c7f25a3fb125bcb8a8a
SHA256 b6ff4feabbe5f1fdc56f2e4e440dd8258702c3fc2a314440100319a62304baff
SHA512 9f2d009935b0847f89639b80c79dbe0fdfd08aa0c958ff67665a90971d3b304edf0e87b99112ca3ce988c2065147a41b63f47cd107d3a02e1a164ceb9bc4c13d

C:\Users\Admin\AppData\Local\Temp\_MEI15562\api-ms-win-core-util-l1-1-0.dll

MD5 fa11fa74380735a5b8d4b309de4854be
SHA1 328959db39043cf7591cb18faec351957695f788
SHA256 167e6e08e570e1ce34854781463c218bf14124a4112216b5f93d38d3c204e62a
SHA512 a82f457868374c92322f7508f2ed98504e62b670621ba17ad636044a8198f5be56be46b25426bec1b85dd79b3de7c2a00bec33bd9246bc136a208a6d6e5f335f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 3a09f853479af373691d131247040276
SHA1 1b6f098e04da87e9cf2d3284943ec2144f36ac04
SHA256 a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f
SHA512 341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 db9081c34e133c32d02f593df88f047a
SHA1 a0da007c14fd0591091924edc44bee90456700c6
SHA256 c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e
SHA512 12f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 a28d302c69bd23547b1b76c5434b3e63
SHA1 44b8c0ee3c35d19a565c4dc679315101e5aaf32b
SHA256 87a28731498fa1f27e74a9a86322bc6765cf9b0fd00628cddea3e9b20c14ccb1
SHA512 cff0ead95aef16516db8c0064d1cf36ef332d29b2205a29ea7ac009a83a695bfa592bc0e1acb47a3ed9d5fd86040b5ae0665609a09183d571c4bf1ca4b3942b0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 6752a1d65b201c13b62ea44016eb221f
SHA1 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 7d40e89693284f0446de9661b84e76a3
SHA1 16d2a4a950595142c39c19ed7b5b0a6a85ed58af
SHA256 9496444ea8114d289b208017c0a78d7f200d28a291cbdbeb3cf1f8fe5cf4773e
SHA512 34d61e75aa494b9627df07c1eea19800b8f1ddb92e903dead192e665f31088b31a4f453c3ac109af52097de9196dc4c1aa53aad0f20cec26a17ecdcc3dad3834

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 f1cc6d9da630ea12414bda90c3adf966
SHA1 0b10c491899287b53cdd88ae12e36f844c8217df
SHA256 09470df212a0ea670dac51a94552d75e506edc64ecad911143ec729065482884
SHA512 b2697c0d7a8eaad04494e72fad4ab9af86e57a62613b4deae624a457165df3d462884a0352e5efcf465cd62ef918d4ab11d8ea85a0d7ec9dd49ca6d1505f31b5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 473a1b39d2948c3889c79ee8c6ebd8ed
SHA1 a2cf8b2b013d3870f4ef6b40db77c5e878713a49
SHA256 3bc20e75e1aefa8b8338063cc8ff34ebf6cadef430e230513109722992803573
SHA512 ece80c45fe6fd99d9043e24869004786be4a82aa9f710191703dad4c2d9964e03c5fd64bc08e121da0e8da5ffd015f6d896f6c9eb79cbb004c1eb408a6cac434

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\dc8731d1-6dbf-4b21-abd2-d270a13959b5.tmp

MD5 9e58a342202d039f88e1f7c01092d4fb
SHA1 b01ef7dff3745eb1a7eea05b2f39830ff405c9ca
SHA256 f267972a8a101abd11fbc9fef9826158801098975bdfba2e3a721bcc8e97a158
SHA512 d3192576c30bdc39868983f8a17dfb9da4068839f06c10cd1b5055f0ec647f0c7129d9da1d4a121ce31d87031d6fbd12218e25a9449d3515c1b62a6eabc24122